From b399fbee737ebe99491bf1370002bbff00a784e0 Mon Sep 17 00:00:00 2001
From: Guilhem Moulin <guilhem@fripost.org>
Date: Thu, 1 Dec 2016 14:26:37 +0100
Subject: "fingerprint" now only pins the cert's SPKI, not the cert itself.

---
 lib/Net/IMAP/InterIMAP.pm | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

(limited to 'lib')

diff --git a/lib/Net/IMAP/InterIMAP.pm b/lib/Net/IMAP/InterIMAP.pm
index a899831..7a1ba34 100644
--- a/lib/Net/IMAP/InterIMAP.pm
+++ b/lib/Net/IMAP/InterIMAP.pm
@@ -1539,8 +1539,8 @@ sub _ssl_verify($$$) {
             my $type = Net::SSLeay::EVP_get_digestbyname($algo)
                 or $self->_ssl_error("Can't find MD value for name '$algo'");
 
-            if (Net::SSLeay::X509_digest($cert, $type) ne $digest and
-                Net::SSLeay::X509_pubkey_digest($cert, $type) ne $digest) {
+            my $pkey = Net::SSLeay::X509_get_X509_PUBKEY($cert);
+            unless (defined $pkey and Net::SSLeay::EVP_Digest($pkey, $type) eq $digest) {
                 $self->warn("Fingerprint doesn't match!  MiTM in action?");
                 $ok = 0;
             }
-- 
cgit v1.2.3